We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

US Congress repeals new FCC data privacy rules

The US Congress has repealed the Federal Communications Commission's (FCC's) 2016 Privacy Order regarding new data security rules and customer data. U.S. President Donald Trump has confirmed the repeal. The new rules were issued late last year to enhance data privacy. The rules that will be repealed include the requirement of Internet Service Providers (ISPs) and other telecommunication carriers to "take reasonable measures to protect private information about customers from unauthorized use, disclosure, or access". As a result, it will be possible for ISPs and telecommunications companies to sell data about their customers without consent.

This repeal reflects the FCC's desire to align its framework on data privacy with that of the Federal Trade Commission (FTC). It was argued that the new rules were not consistent with the FTC's framework and that this would hamper the creation of a level regulatory framework on data privacy. The FCC now seems in favour of rules that would match the lesser protection afforded to personal privacy that exists under the FTC regime. The main difference between the two had been that the FCC required ISPs to protect web browsing history, whereas the FTC did not require such protection.

This decision could benefit ISPs and telecommunication carriers although privacy groups have expressed concerns for customers whose privacy may be affected. However as many of these rules had not yet come into effect, this repeal will generally have the effect of maintaining the original status quo pending an overall review of the data privacy framework by both the FTC and the FCC.

This decision is a potential indicator of the direction the US administration is taking with regard to privacy rights. It remains to be seen what will be the outcome of the review in September of the EU-US Privacy Shield by the European Commission and the US Department of Commerce. This repeal could suggest that the overall tendency is towards a different standard of protection for personal privacy under the US regime.